LINUX.ORG.RU
ФорумDevelopment

Познал ли я дзен jq в написании запросов?

 


2

1

Пример поиска всех уязвимостей 2021-2023 гг, где заголовок, описание или разработчик содержат слово «wordpress» и оценкой уязвимости >= 9.0:

unzip -p data/cvelistV5-main.zip 'cvelistV5-main/cves/202[1-3]/*/*.json' | jq --arg query 'wordpress' '
  .containers.cna as $data | select(
    try(
      (
        ($data.title | test($query; "i")) or
        ($data.descriptions | any(.value | test($query; "i"))) or
        ($data.affected | any(.vendor | test($query; "i")))
      ) and $data.metrics[0].cvssV3_1.baseScore >= 9.0
    )
  )'

Пример вывода:

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "cveMetadata": {
    "cveId": "CVE-2023-32243",
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "state": "PUBLISHED",
    "assignerShortName": "Patchstack",
    "dateReserved": "2023-05-05T08:13:46.345Z",
    "datePublished": "2023-05-12T07:23:22.657Z",
    "dateUpdated": "2023-05-12T07:23:22.657Z"
  },
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "essential-addons-for-elementor-lite",
          "product": "Essential Addons for Elementor",
          "vendor": "WPDeveloper",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.7.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "5.7.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "datePublic": "2023-05-11T07:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.&nbsp;<span style=\"background-color: var(--wht);\">This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.</span>"
            }
          ],
          "value": "Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack",
        "dateUpdated": "2023-05-12T07:23:22.657Z"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve"
        },
        {
          "url": "http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to&nbsp;5.7.2 or a higher version."
            }
          ],
          "value": "Update to 5.7.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  }
}

Или оно короче можно переписать?



Последнее исправление: uwuwuu (всего исправлений: 1)
Подскажите подходящий алгоритм сжатия
Регексп казалось бы типовая задача, ан-нет

как и в с любым хитровывернутым запросом к БД, тебе важнее быть уверенным в том, что ты понимаешь что он делает и глазками уверен в его правильности, чем сократить его длину

max_lapshin ★★★★★
()
Для того чтобы оставить комментарий войдите или зарегистрируйтесь.
Подскажите подходящий алгоритм сжатия
Development
Регексп казалось бы типовая задача, ан-нет